public EnclaveInstanceInfo
Contains serializable information about an instantiated enclave running on a
specific machine, with the measurement and instance signing key verified by
remote attestation. The remote attestation infrastructure backing all trusted
computing schemes is what gives you confidence that the data in this object is
correct and can be trusted, as long as securityInfo and enclaveInfo match what
you expect.
An EnclaveInstanceInfo should be fetched from the host via some app-specific
mechanism, such as an HTTP request, a directory service lookup, a shared file
etc.
See also: securityInfo, enclaveInfo, EnclaveInstanceInfo
@NotNull EnclaveInfo getEnclaveInfo()
Contains information about the enclave code that was loaded.
@NotNull java.security.PublicKey getEncryptionKey()
Returns the enclave's public encryption key.
To create mail targeted to this enclave, use a PostOffice from createPostOffice.
See also: PostOffice, createPostOffice
@NotNull java.security.PublicKey getDataSigningKey()
A key used by the enclave to digitally sign static data structures.
This is not the same as the enclave code signing key, which just links a specific enclave file to its author.
@NotNull java.security.Signature verifier()
Returns a Signature object pre-initialised with dataSigningKey, ready for the
verification of digital signatures generated by the enclave.
See also: dataSigningKey
@NotNull EnclaveSecurityInfo getSecurityInfo()
Exposes how secure the remote enclave is currently considered to be.
@NotNull byte[] serialize()
Serializes this object to a custom format and returns the byte array.
@NotNull PostOffice createPostOffice(@NotNull java.security.PrivateKey senderPrivateKey, @NotNull java.lang.String topic)
Returns a new PostOffice instance for encrypting mail to this target enclave on the given topic.
Each mail created by this post office will be authenticated with the given private key, which will act as the client's
authenticated identity to the enclave (see EnclaveMail.authenticatedSender). Typically only one sender key is
required per client (a new one can be created using Curve25519PrivateKey.random).
It's very important that related mail is created from the same post office instance, i.e. having the same topic and
sender key. This is so the post office can apply an increasing sequence number to each mail, which the target
enclave will use to make sure they are received in order and that none have been dropped (see
EnclaveMailHeader.sequenceNumber).
For a different stream of mail, create another post office with a different topic.
@NotNull PostOffice createPostOffice()
Returns a new PostOffice instance for encrypting mail to this target enclave on the "default" topic.
A new sender private key will be used (which can be retrieved with PostOffice.senderPrivateKey), and each mail
created by this post office will be authenticated with it and act as the client's authenticated identity to the
enclave (see EnclaveMail.authenticatedSender). Typically only one sender key is required per client.
It's very important that related mail is created from the same post office instance, i.e. having the same topic and
sender key. This is so the post office can apply an increasing sequence number to each mail, which the target
enclave will use to make sure they are received in order and that none have been dropped (see
EnclaveMailHeader.sequenceNumber).
For a different stream of mail, create another post office with a different topic.
@NotNull static EnclaveInstanceInfo deserialize(@NotNull byte[] from)
Deserializes this object from its custom format.
Throws: IllegalArgumentException - If the bytes are invalid.
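Example (added here, not part of the SDK documentation): a client-side wrapper that deserializes the bytes received from the host, checks securityInfo and enclaveInfo before using any key from the object, verifies enclave-signed data with verifier(), and reuses one PostOffice per topic. The class VerifiedEnclave, its method names and the caller-supplied Predicate are hypothetical; the package names, getSummary() and the Summary.SECURE value are taken from the Conclave SDK rather than from this page, and rejecting everything except SECURE is a policy assumption.

```java
import com.r3.conclave.common.EnclaveInfo;
import com.r3.conclave.common.EnclaveInstanceInfo;
import com.r3.conclave.common.EnclaveSecurityInfo;
import com.r3.conclave.mail.PostOffice;

import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

/** Hypothetical client-side wrapper; class and method names are not part of the SDK. */
public final class VerifiedEnclave {
    private final EnclaveInstanceInfo info;
    private final PrivateKey senderKey;
    // One PostOffice per topic, so each topic keeps a single increasing sequence.
    private final Map<String, PostOffice> offices = new ConcurrentHashMap<>();

    /**
     * @param fromHost        bytes fetched from the untrusted host (HTTP, shared file, ...)
     * @param expectedEnclave the application's own policy on the loaded code (assumption)
     * @param senderKey       the client's sender key, e.g. from Curve25519PrivateKey.random
     */
    public VerifiedEnclave(byte[] fromHost, Predicate<EnclaveInfo> expectedEnclave, PrivateKey senderKey) {
        // Throws IllegalArgumentException if the bytes are invalid.
        EnclaveInstanceInfo candidate = EnclaveInstanceInfo.deserialize(fromHost);
        // Reject before any key from this object is used (strict policy: SECURE only).
        if (candidate.getSecurityInfo().getSummary() != EnclaveSecurityInfo.Summary.SECURE)
            throw new SecurityException("Enclave platform is not considered secure");
        if (!expectedEnclave.test(candidate.getEnclaveInfo()))
            throw new SecurityException("Enclave code does not match what was expected");
        this.info = candidate;
        this.senderKey = senderKey;
    }

    /** Checks a signature the enclave produced with its data signing key. */
    public boolean isSignedByEnclave(byte[] data, byte[] signature) throws GeneralSecurityException {
        Signature verifier = info.verifier(); // already initialised with dataSigningKey
        verifier.update(data);
        return verifier.verify(signature);
    }

    /** Returns the same PostOffice for repeated calls with the same topic. */
    public PostOffice postOfficeFor(String topic) {
        return offices.computeIfAbsent(topic, t -> info.createPostOffice(senderKey, t));
    }
}
```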